Craig McDonald, Jul 22, 2022 5:14:45 PM

Should Banks be Held Responsible for Implementing Safeguards to Reduce Cybercrime?

As technological advancements continue unabated, there seems to be a never-ending stream of new and upgraded ways to make payments. From standard bank transfers or credit card payments to BPAY, Osko, AfterPay and much more, making a payment is now a fairly seamless and often instantaneous process in Australia. Gone are the times of waiting three business days or longer for a bank transfer; now you can send and receive payments within seconds, all from your mobile device. However, while it’s certainly more convenient, a lack of safeguards is leaving many Australians exposed to fraud.

In 2021, Australians lost $227 million to payment redirection scams alone, which is an increase of 77% on 2020. Earlier this month, the Australian Competition and Consumer Commission (ACCC)’s Deputy Chair, Delia Rickard, called on Australian banks to adopt safeguards which could help prevent such large-scale losses in years to come. Her suggestion is that, at a minimum, banks should be implementing a ‘Confirmation of Payee’ system, which is currently used in the UK. She listed the failure to do so as a reason that the cybercrime industry continues to thrive in Australia.

Confirmation of Payee is a simple method which “catches bank transfer scams by matching a recipient’s bank details with their name”. Although Australian banks often ask for the recipient’s name when a customer makes a bank transfer, most banks only match the BSB and account number, leaving customers at risk when it comes to redirection scams.
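The difference between the two checks can be shown in a few lines. This is an added sketch, not code from any bank or from the UK scheme: the account directory, the outcome labels, the noise-word list and the 0.8 similarity threshold are all assumptions made for illustration.

```python
import difflib
import re

# Constructed sample directory: (BSB, account number) -> registered account name.
ACCOUNTS = {
    ("999-001", "12345678"): "Acme Plumbing Pty Ltd",
    ("999-002", "87654321"): "J Smith",
}

# Words ignored when comparing names (assumed list for this sketch).
NOISE_WORDS = {"pty", "ltd", "limited", "the"}


def normalise(name):
    """Lower-case, strip punctuation and drop company suffixes."""
    tokens = re.findall(r"[a-z0-9]+", name.lower())
    return " ".join(t for t in tokens if t not in NOISE_WORDS)


def bsb_account_only_check(bsb, account, payee_name):
    """The check the article describes: the typed name is never compared."""
    return (bsb, account) in ACCOUNTS


def confirmation_of_payee(bsb, account, payee_name, close_threshold=0.8):
    """Compare the typed payee name with the name registered on the account.

    Returns only an outcome label, never the registered name, so the check
    cannot be used to look up who owns an account.
    """
    registered = ACCOUNTS.get((bsb, account))
    if registered is None:
        return "ACCOUNT_NOT_FOUND"
    typed, actual = normalise(payee_name), normalise(registered)
    if typed == actual:
        return "MATCH"
    similarity = difflib.SequenceMatcher(None, typed, actual).ratio()
    return "CLOSE_MATCH" if similarity >= close_threshold else "NO_MATCH"
```

With a redirected invoice that names Acme Plumbing but carries the second account's details, the BSB-and-account check passes the payment while the name comparison returns `NO_MATCH`, which is the point at which the customer can be warned before the transfer is sent.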

Delia Rickard isn’t alone in her thinking. In January, Gerard Brody, CEO of the Consumer Action Law Centre, also called for banks to take more responsibility for financial scams and highlighted the success of the UK’s Contingent Reimbursement Code. Setting standards for signatory banks, the Code includes “commitments to protect customers with procedures to detect, prevent and respond to ‘authorised push payment’ fraud”, which is when someone is tricked into transferring money. Since the introduction of the Code, reimbursement rates for scams by signatory banks rose from 19% to 47%. It's Brody’s thinking that being held liable will encourage banks to introduce safeguards which will prevent the fraud from happening in the first place.

With this in mind, I turned to my LinkedIn network and asked, “Is it the responsibility of banks to implement safeguards such as ‘Confirmation of Payee’ in hopes of reducing cybercrime?”

  • An overwhelming 91% of respondents voted ‘Yes’,
  • Just 6% of replies voted for ‘No’,
  • And 2% of people replied that it’s ‘Complicated’

The results speak for themselves. It’s evident that the majority of Australians wish banks would do more to prevent growing cybercrime rates nationally. 

One response stated: 
“Banks (Australian) and regulators should enforce minimum transaction security requirements on customers. Even enforcing PayID will resolve a huge degree of fraud risk.”

At present, Australian banks are continuing to push back against the pressure to conduct mandatory checks through systems such as Confirmation of Payee. Instead, this week, the Australian Banking Association (ABA) launched the “Australian Banks: Working to Protect You” campaign which encourages customers to use PayID when making payments online and through mobile banking apps. 

PayID uses either the mobile number or email address of the person or business you wish to pay, rather than BSB and account number, making payments more secure. Currently, 11 million Australians are registered with PayID. However, only 17% of payments made through the New Payments Platform (NPP), such as Osko, are addressed to a PayID, showing that many Australians are slow to embrace the system.

While this system could help reduce fraud, particularly if use was enforced, the campaign seems to be a not-so-subtle push from the ABA for customers to take greater personal responsibility when it comes to scam prevention, taking the onus away from the banks themselves. 

As it is, with relatively few cybersecurity protection mandates in place, it’s largely up to each bank to decide what safeguards they would like to implement. While there’s a clear push against Confirmation of Payee, measures are being taken in other areas to reduce fraud. Three of Australia’s ‘Big Four’ banks (NAB, ANZ and Westpac) have now introduced dynamic Card Verification Value (CVV) in an effort to reduce card fraud rates across the nation. Since its introduction in 2020, Westpac have seen an 80% reduction in fraud in comparison to customers who only use a static CVV. 

Commonwealth Bank have also taken steps towards providing their customers with better protection. At the start of July, the bank introduced new artificial intelligence (AI) technology to help them detect suspicious or unusual behaviour. 

“The new AI technology uses machine learning techniques to track unusual changes to the way a customer normally interacts with their devices and is an extension to the Bank’s comprehensive scam and fraud protection strategy.” 

“As well as the new AI detection system, CBA is also rolling out two-way push notifications that are safer than one-way SMS messages, increasing its investment in scam and fraud protection, doubling the size of its scam protection and prevention team, and releasing educational videos to inform customers how to protect themselves from scams.” 

As a MailGuard partner, I’m curious to know your opinion on the matter. Do you believe that banks should be held more accountable when it comes to implementing safeguards to reduce cybercrime? Should customers take the brunt of the responsibility? Or is there a happy middle ground for all parties? Share your thoughts in the comments below. 
